libsepol/cil: Warn instead of fail if permission is not resolve
If a policy module package has been created with a policy that contains a permission and then is used on a system without that permission CIL will fail with an error when it cannot resolve the permission. This will prevent the installation on policy and the user will not know that the policy has not been installed. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
This commit is contained in:
parent
d5396d8312
commit
46e157b470
|
@ -131,10 +131,10 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (rc != SEPOL_OK) {
|
if (rc != SEPOL_OK) {
|
||||||
cil_log(CIL_ERR, "Failed to resolve permission %s\n", (char*)curr->data);
|
cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data);
|
||||||
goto exit;
|
} else {
|
||||||
|
cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
|
||||||
}
|
}
|
||||||
cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
|
|
||||||
} else {
|
} else {
|
||||||
cil_list_append(*perm_datums, curr->flavor, curr->data);
|
cil_list_append(*perm_datums, curr->flavor, curr->data);
|
||||||
}
|
}
|
||||||
|
@ -3660,7 +3660,7 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
|
||||||
rc = SEPOL_OK;
|
rc = SEPOL_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
cil_tree_log(node, lvl, "Failed to resolve '%s' in %s statement", args->last_resolved_name, cil_node_to_string(node));
|
cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue